anlutro / access
RBAC models for Laravel 4.
Requires
- php: >=5.4.0
- illuminate/database: ~4.1
- illuminate/support: ~4.1
Requires (Dev)
- mockery/mockery: 0.9.*
README
My stab at an RBAC system for Laravel 4.
This is probably extremely query intensive and I have not made many attempts to optimize the number of queries run/in-memory caching being done.
I wrote this with the intention of using it on small systems with a low number of concurrent users. It is made for systems where you need to control permissions on row-basis rather than just some generalized roles and permissions.
Contribution
Bug reports, feature suggestions and code improvements are highly welcome. If you make a pull request, do make sure that your changes pass the unit tests.
Use the github issue system! If you just want to have a chat, look for me in #laravel on freenode.
Installation
Requirements
- PHP 5.4 or higher
- Laravel 4.1 or higher
Install
composer require anlutro/access
Check packagist.org or the github tag list for the latest stable release, or use dev-master if you like living on the edge.
Copy migrations
Copy migrations from vendor/anlutro/access/src/migrations to your app's migration directory. Alternatively, run them with php artisan migrate --package anlutro/access if you just want to play around with the system. Copying the migration files manually is recommended for production setups.
Create your user model
Because you probably want to put your own functions and fields on the User model/table, you create the user model yourself. There are two ways to do this and ensure it works with the RBAC system - inheritance (extending a base class) or traits.
    // Option 1: inheritance
    class MyUser extends anlutro\Access\Models\User {}

    // Option 2: interface + trait
    class MyUser extends Eloquent implements anlutro\Access\Interfaces\SubjectInterface
    {
        use anlutro\Access\Traits\UserSubject;
    }

You are responsible for creating the user table. Remember to update your app/config/auth.php file to reflect your model.
Create one or more resource models
Again you can do this with inheritance or traits:
    // Option 1: inheritance
    class MyResource extends anlutro\Access\Models\Resource {}

    // Option 2: interface + trait
    class MyResource extends Eloquent implements anlutro\Access\Interfaces\ResourceInterface
    {
        use anlutro\Access\Traits\ResourceSubject;
    }

You are responsible for creating any resource tables.
Usage
First, we need to create some permissions.
    use anlutro\Access\Models\Permission;

    $lowPermission = Permission::create(['name' => 'Normal Permission']);
    $highPermission = Permission::create(['name' => 'High Level Permission']);

Then, let's assign some permissions to actions on one of our resource models. Resource actions with no permissions assigned to them are allowed by default, so be careful.
    MyResource::addGlobalPermissionTo('show', $lowPermission);
    MyResource::addGlobalPermissionTo('create', $lowPermission);
    MyResource::addGlobalPermissionTo('create', $highPermission);
    // MyResource::removeGlobalPermissionTo('create', $highPermission);

You can also assign permissions required on specific resources.
    // $superHighPermission is assumed to be another Permission created as above.
    $resource = MyResource::first();
    $resource->addPermissionTo('create', $superHighPermission);
    // $resource->removePermissionTo('create', $superHighPermission);

Let's create a couple of roles. This step is optional; permissions can be added to users directly if you like, and the syntax is exactly the same.
    use anlutro\Access\Models\Role;

    $userRole = Role::create(['name' => 'User Role']);
    $adminRole = Role::create(['name' => 'Admin Role']);
    $bannedRole = Role::create(['name' => 'Banned']);

    $userRole->addPermission($lowPermission);
    $adminRole->addPermission($lowPermission);
    $adminRole->addPermission($highPermission);
    $bannedRole->denyPermission($lowPermission);

Let's assign the user role to one of our users.
    $user = User::first();
    $user->addRole($userRole);
    // $user->removeRole($userRole);

Now, the user should have access to show, but not create a MyResource.
    $resource = MyResource::first();
    var_dump( $user->hasPermissionTo('show', $resource) );

    $resource = new MyResource;
    var_dump( $user->hasPermissionTo('create', $resource) );

If we assign the user the admin role, however, he should have access to create as well.
    $user->addRole($adminRole);
    var_dump( $user->hasPermissionTo('create', $resource) );

Most of the time you'll be running these checks against the currently logged in user. The Access facade has some handy shorthand functions for this.
    use anlutro\Access\Access;

    var_dump( Access::allowed('show', $resource) );
    var_dump( Access::denied('create', $resource) );

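The rules described in this section, including the allow-by-default behaviour for actions with no permissions assigned, as an added plain-PHP model (an illustration written for this page, not code from anlutro/access). The names isAllowed, $required, $roles and the $failClosed switch are hypothetical, and the model assumes an explicit deny overrides an allow granted by another role.

```php
<?php
// Added illustration: a plain-PHP model of the rules this README describes.
// It is NOT anlutro/access code; all names here are hypothetical.

// action => permissions required (every listed permission must be held)
$required = [
    'show'   => ['normal'],
    'create' => ['normal', 'high'],
    // 'delete' has no entry: nobody assigned a permission to it
];

// role => permissions it allows and permissions it denies
$roles = [
    'user'   => ['allow' => ['normal'],         'deny' => []],
    'admin'  => ['allow' => ['normal', 'high'], 'deny' => []],
    'banned' => ['allow' => [],                 'deny' => ['normal']],
];

function isAllowed(array $userRoles, $action, array $required, array $roles, $failClosed = false)
{
    $needed = isset($required[$action]) ? $required[$action] : [];
    if (!$needed) {
        // README behaviour: actions without permissions are allowed by default.
        // With $failClosed, a missing assignment is treated as a refusal instead.
        return !$failClosed;
    }
    $allow = $deny = [];
    foreach ($userRoles as $name) {
        $allow = array_merge($allow, $roles[$name]['allow']);
        $deny  = array_merge($deny, $roles[$name]['deny']);
    }
    // Assumption: an explicit deny overrides an allow from any other role.
    $held = array_diff($allow, $deny);
    // Allowed only when no required permission is missing.
    return !array_diff($needed, $held);
}

$cases = [['user', 'show'], ['user', 'create'], ['admin', 'create'],
          ['banned', 'show'], ['banned', 'delete']];
foreach ($cases as $case) {
    list($role, $action) = $case;
    printf("%-6s %-6s default=%-5s fail-closed=%s\n", $role, $action,
        var_export(isAllowed([$role], $action, $required, $roles), true),
        var_export(isAllowed([$role], $action, $required, $roles, true), true));
}
```

In this model the banned role is refused show but still passes the check for the unassigned delete action unless the fail-closed switch is on, which is why every action a resource exposes should have at least one permission assigned.
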
License
The contents of this repository are released under the MIT license.